Method for providing and billing WIM functionalities in mobile communication terminals

ABSTRACT

The invention relates to a method for providing and billing WIM functionalities in mobile communication terminals. The method is characterized in that the WIM internally counts each of the signatures initiated by the subscriber, wherein the signature function is blocked when a given number of signatures has been reached. No further signatures are possible until the counter has been reset by means of a release/reload-type operation and a corresponding billing has taken place.

STATE OF THE ART

An open standard called WTLS (Wireless Transport Layer Security) was developed by mobile network operators and device manufacturers for secure electronic transactions via the mobile phone network. WTLS is based on existing standards like WAP (Wireless Application Protocol) and TLS (Transport Layer Security) for encryption and WIM (Wireless Identification Module) for identification and signature. TLS or WTLS technology concerns a protocol of the transport layer. This layer innately ensures a reliable, transparent, and encrypted transmission of data between two systems based on a so-called public key infrastructure (PKI). Moreover, it functions like an interface between the above-lying application-oriented layers and the lower-lying network-oriented layers. The central task is the formation of a connection and the control between two processes. The identification and signature of the information takes place via the WIM. Signatures that take place during the handshake in WTLS/TLS are not initiated by the user and occur automatically. A separate key is also used here that is not the signature key that is used for signatures within applications.

This allows various transactions to be performed with mobile communication terminals, such as bank and stock exchange transactions, credit card and other payments, as well as access control to buildings and computers. Together with suitable infrared interfaces or the short-distance radio communications standard “Bluetooth,” payments are possible in connection with points of sale and gas pumps, as well as authorizations at lock systems.

The necessary PKI procedures are performed individually between a subscriber (customer) and any service provider, whereby the subscriber registers as appropriate with the service provider. The WIM on the other hand is generally provided by the operator of the communication network used by the end device and is realized in an end device or an identification module, e.g. SIM, connected with it.

OBJECT OF THE INVENTION

The object of the invention is to suggest a method that allows the simple and secure provision and billing of WIM functionalities in mobile communication terminals.

This object is solved according to the invention through the characteristics of patent claim 1.

Advantageous embodiments and advanced versions of the invention are given in the dependent patent claims.

It is suggested that the number of WIM signatures that can be performed by an end terminal or an identification module, e.g. a SIM chip card, be limited using a counter. The counter counts each signature. When the counter reaches a threshold value, no more signatures are allowed until a reset has taken place via a type of release/reload.

In accordance with the invention, the WIM provides functionality with which signatures can be created on the application level. These are initiated by the subscriber (user); the subscriber must e.g. enter his/her so-called PIN-NR (non-repudiation PIN) for each signature.

The WIM blocks the “signing” functionality when the counter has run out. A release/reloading can then e.g. take place via OTA (over-the-air message) and be billed to the subscriber.

An exemplary embodiment of the invention is described below. A mobile telephone with an identification module (SIM card) with devices for implementing secure electronic transactions and corresponding interfaces is assumed to be the mobile communication terminal.

The WIM internally counts each signature initiated by the subscriber. When a preset number of signatures have been performed, no further signatures are possible until this function has been released again. The release occurs via the air interface of the mobile communication network (over the air) using a corresponding SAT application (SAT: SIM Application Toolkit) implemented on the SIM card and can only take place via the network operator. At the same time as the release, the number of possible signatures can be reset. A counting of each individual signature in the mobile communication network is not required.

Various options are possible and can be combined:

-   The signature can generally be released, e.g. for post-paid subscribers, i.e. subscribers with SIM card contracts or subscribers who pay a higher base fee.
-   The counter reading on the card can be queried by the subscriber locally via a simple SAT function, e.g. to request the release of additional signatures in advance, e.g. via an SAT function. The release is charged/billed to the subscriber.
-   After the last signature has been used, the card sends an SMS to a central device connected to the communication network, e.g. a release server, which bills the number of used signatures to the subscriber and then releases the signature functionality again, if the subscriber wishes (can be used for prepaid and post-paid).

The internal counter counts down with each signature. The WIM function is blocked when the counter reading = 0. A release takes place “over the air” e.g. via an SAT application. An unlimited signing can e.g. be released if the network operator sets the reading on the counter to a value of −1.
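The counting, blocking, release and billing behaviour described above is simulated in the following added example; it is not code from the patent or from any WIM implementation. The class and function names, the OTA authorization key, the PIN-NR value, the fee and the reload size are all assumptions made for the illustration, and the “signature” is an HMAC-SHA256 stand-in for the WIM’s application-level signature (the real key and algorithm live in the WIM and are not part of the text). The example covers the count-down to 0, the blocking of the signing function, the “last signature used” notification to a release server that bills and reloads the card, the operator-only release over the air, and the −1 reading for unlimited signing.

```python
"""Simulation of the WIM-internal signature counter (added example, not the patent's code)."""
import hashlib
import hmac

UNLIMITED = -1  # the text: the operator sets the reading to -1 to release unlimited signing
# Constructed stand-in for the operator's OTA authorization; a real card uses the
# network operator's secured OTA/SAT channel, which is not modelled here.
OPERATOR_OTA_KEY = b"constructed-operator-ota-key"


class SignatureBlocked(Exception):
    """Raised when the counter has run out and no release/reload has taken place."""


class WimSignatureCounter:
    """Counts each subscriber-initiated signature, blocks at 0, reloads only via the operator."""

    def __init__(self, signing_key: bytes, pin_nr: str, initial_reading: int):
        self._signing_key = signing_key  # constructed stand-in for the WIM application signature key
        self._pin_nr = pin_nr            # non-repudiation PIN the subscriber enters per signature
        self.reading = initial_reading   # counter reading; -1 means unlimited
        self.outbox = []                 # "SMS" messages the card would send to the release server
        self.used_since_release = 0      # signatures performed since the last release/reload

    def query_reading(self) -> int:
        """Local query of the counter reading (the SAT function mentioned in the text)."""
        return self.reading

    def sign(self, message: bytes, pin_nr: str) -> bytes:
        """Application-level signature; requires PIN-NR and a non-exhausted counter."""
        if pin_nr != self._pin_nr:
            raise PermissionError("PIN-NR verification failed")
        if self.reading == 0:
            raise SignatureBlocked("signature function blocked: release/reload required")
        # HMAC-SHA256 stands in for the real WIM signature operation.
        signature = hmac.new(self._signing_key, message, hashlib.sha256).digest()
        self.used_since_release += 1
        if self.reading != UNLIMITED:
            self.reading -= 1
            if self.reading == 0:
                # Last signature used: the card notifies the release server.
                self.outbox.append(("SIGNATURES_EXHAUSTED", self.used_since_release))
        return signature

    def release(self, new_reading: int, ota_key: bytes) -> int:
        """Release/reload over the air. Returns the number of signatures used since the last release."""
        if not hmac.compare_digest(ota_key, OPERATOR_OTA_KEY):
            raise PermissionError("release/reload is only possible via the network operator")
        if new_reading < UNLIMITED:
            raise ValueError("counter reading must be -1 (unlimited) or >= 0")
        used = self.used_since_release
        self.reading = new_reading
        self.used_since_release = 0
        return used


class ReleaseServer:
    """Central device in the operator's network: bills used signatures, then reloads the card."""

    def __init__(self, fee_per_signature: int, reload_size: int):
        self.fee_per_signature = fee_per_signature  # assumed tariff, in arbitrary units
        self.reload_size = reload_size              # assumed number of signatures per reload
        self.invoices = []                          # (subscriber_id, amount) pairs

    def handle_exhausted(self, subscriber_id: str, wim: WimSignatureCounter) -> int:
        """Process the card's 'exhausted' message: bill the used signatures and reload. Returns the amount."""
        used = wim.release(self.reload_size, OPERATOR_OTA_KEY)
        amount = used * self.fee_per_signature
        self.invoices.append((subscriber_id, amount))
        return amount


if __name__ == "__main__":
    wim = WimSignatureCounter(b"constructed-card-key", "1234", initial_reading=2)
    server = ReleaseServer(fee_per_signature=5, reload_size=3)
    for msg in (b"transfer 10", b"transfer 20"):
        wim.sign(msg, "1234")
    print("reading after two signatures:", wim.query_reading())   # 0, function blocked
    print("card outbox:", wim.outbox)
    print("billed on reload:", server.handle_exhausted("subscriber-1", wim))
    print("reading after reload:", wim.query_reading())           # 3
```

The server never counts individual signatures in the network: it learns the number used only from the card’s exhaustion message, matching the text’s remark that per-signature counting in the mobile network is not required. The `release` check on the OTA key is the simulation of “can only take place via the network operator”; a subscriber-side attempt with any other key is refused.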

The invention allows third parties, e.g. banks, to create their own PKI procedures and to register their own subscribers for the use of these procedures. The network operator does not need its own PKI procedures, but rather makes available to the subscribers a universally usable WIM.

1. Method for providing and for billing for functionalities of a wireless identification module WIM in electronic transactions using mobile communication terminals, in which an identification and signature of a subscriber takes place via WIM, characterized in that an internal counter is installed in the WIM, which counts each signature initiated by the subscriber, whereby the signature function of the WIM is blocked when a predetermined number of signatures has been performed.

2. Method in accordance with claim 1, characterized in that a release/reloading of the counter is set at a predetermined value and the signature functionality is thereby released again for a predetermined number of signatures.

3. Method in accordance with claim 1, characterized in that a fee for the performed signatures is charged to the subscriber upon each release/reloading.

4. Method in accordance with claim 1, characterized in that the release/reloading of the signature functionality takes place via the air interface of the mobile communication network.

5. Method in accordance with claim 1, characterized in that the release/reloading takes place via one of the release servers connected to the mobile communication network.

6. Method in accordance with claim 2, characterized in that a fee for the performed signatures is charged to the subscriber upon each release/reloading.

7. Method in accordance with claim 2, characterized in that the release/reloading of the signature functionality takes place via the air interface of the mobile communication network.

8. Method in accordance with claim 3, characterized in that the release/reloading of the signature functionality takes place via the air interface of the mobile communication network.

9. Method in accordance with claim 2, characterized in that the release/reloading takes place via one of the release servers connected to the mobile communication network.

10. Method in accordance with claim 3, characterized in that the release/reloading takes place via one of the release servers connected to the mobile communication network.

11. Method in accordance with claim 4, characterized in that the release/reloading takes place via one of the release servers connected to the mobile communication network.